Map a client Kerberos principal name to the WebSphere user registry ID Step 4 of Setting up Kerberos as the authentication mechanism for WebSphere Application Server

Map a client Kerberos principal name to the WebSphere user registry ID

Configure Kerberos as the authentication mechanism for WebSphere Application Server using the administrative console
Parent
Set up Kerberos as the authentication mechanism for WebSphere Application Server

We can map the Kerberos client principal name to the WebSphere user registry ID for both Simple and Protected GSS-API Negotiation (SPNEGO) web authentication and Kerberos authentication. Read the Mapping of a client Kerberos principal name to the WebSphere user registry ID article for more information.
(zos) We can optionally map a Kerberos principal to a System Authorization Facility (SAF) identity on z/OS .
(zos) If we choose the Use the KERB segment of an SAF user profile radio button on the Kerberos panel of the WAS administrative console, you must have the Local OS users mapped to a specific Kerberos principal. Read Mapping a Kerberos principal to a System Authorization Facility (SAF) identity on z/OS for more information.

What to do next
Set up Kerberos as the authentication mechanism for the pure Java client (Optional)

Subtopics

Mapping of a client Kerberos principal name to the WebSphere user registry ID
We can map the Kerberos client principal name to the WebSphere user registry ID for both Simple and Protected GSS-API Negotiation (SPNEGO) web authentication and Kerberos authentication.

Related tasks

Mapping of a client Kerberos principal name to the WebSphere user registry ID